Join the conversation

Sign in to join this conversation, and others like it, in the communities you care about.

Wekan

Wekan is an open-source kanban board (Trello like) which allows a card-based task and to-do management.

Wekan / General

login, tokens and expiration

login, tokens and expiration

Wekan / General · April 14, 2020 at 5:01pm

Once you have registered and then logged in with Password you get a token with a token expiration date.

If you do not logout ,that token and its expiration determines how long you can go to the site before you have to re-authenticate, correct?

If you logout, is that token still good for the duration of the original expiration date or are you re-issued a new token with a further in future expiration date?

Where can I change that expiration to a longer or short time? (in the api) or (in the GUI) or (in mongo collection)

Can I remove the expiration time so it never times out? (in the api) or (in the GUI) or (in mongo collection)

Can I force the token to expire prematurely with no user activity for a while (like 4 hours)? (in the api) or (in the GUI) or (in mongo collection)

I have an application where for some features for some users are already logged into another application and for many accounts they all see wekan as a web page embed, so getting another challenge/response to auth into wekan is a limitation. Call it a trust relationship between the two apps. The mother app has a very high authentication hurtle (three keys and two factor). Trting to automate or at least streamline the auth back into wekan.

Thanks as always


April 15, 2020 at 12:49am

Hmm, it seems 2018 called again about token issue https://github.com/wekan/wekan/issues/1437

    • reply
    • like

    April 15, 2020 at 3:09pm

    ok that issue is a good reference thank you

      • reply
      • like

      so

        • reply
        • like

        I may be incorrect in my assumptions

          • reply
          • like

          gui tokens have that attribute loginExpirationinDays or is that REST tokens?

            • reply
            • like

            I use both obviously

              • reply
              • like

              login expiration is a mongo setting in what collection?

                • reply
                • like

                I see resume.logintoken in user collection in mongo and they have an issue date

                  • reply
                  • like

                  is loginexpirationinsays set to three days or zero days

                    • reply
                    • like

                    is that in snap setup?

                      • reply
                      • like

                      if not where?

                        • reply
                        • like